A popular home-baker in Gurugram gets a call from a potential client to discuss an order he wanted to place. The discussion went on for about 20 minutes post which the client was ready to place his order. The baker told him that upon the payment of 50 per cent of the total amount, she would process the order and have it ready on the date he wanted. The client said he would make a Paytm payment right away.
During the call, the baker was asked to share the One Time Password (OTP) she had received. Within seconds of sharing the OTP, she realised that her Paytm account had been wiped clean. Upon calling the ‘client’, she found out that the fraudster had turned off the mobile. And there was no way she could trace him.
While online fraudsters usually try and target first-time internet users and senior citizens, this incident happened to someone who uses technology extensively and deals with online transactions daily. So the point I want to make here is, no one is spared.
This could happen to you as well. According to this report, a woman in Mumbai shared her OTP 28 times with someone who identified himself as a banker which helped the perpetrator swindle her of nearly Rs 7 lakh. Before we explain you how to protect yourself from falling for such scams, let’s understand what an OTP is.
An OTP is a string of numeric or alphanumeric characters generated automatically authenticating the user for a single transaction or login session. It is said that an OTP is more secure than a static password which could be used across various accounts, which is why you will find banks opting for OTP. It also adds an extra layer of security.
1. Do not share OTP details
No matter how convincing the person on the phone might be, do not ever share your OTP with anyone. No bank will ever authorise anyone to call you and collect your OTP details via call. If you are making a payment on the phone, you will be directed to punch in the OTP details on your screen and not verbally give it out to any operator. Refrain from clicking on suspicious links, as these might be ways to steal your details.
2. Be patient
Very often, we are in a tearing hurry to complete an online transaction and get on with other work. In such a scenario, we might miss out on important details. Always be mindful of the fact that you need to enter your OTP details only when you are making a payment. While receiving a payment, you will not be asked to enter any such detail. If you receive a payment request from a source that you cannot identify, immediately reject it. You also have the option of reporting the number as spam. Therefore, exercise patience and caution while making and receiving payments.
3. Third-party access to your screen
Every app that you download and install on your phone will seek permission to access your information, do read the details and ensure that you allow access to data that you deem necessary. Do not go for a blanket ‘yes’ for all the apps you download.
For instance, an app you download does not necessarily have to access your physical location at all times; it can be turned on to access the data only when the app is being used. Anuj Bhansali, Head of Fraud and Risk at PhonePe, in this report, cautions, “On third-party screen sharing apps, consumers think they are being helped for complaints, but fraudsters use the opportunity to record the user’s card number, CVV code and initiate financial transactions. Fraudsters view the OTP received on the user’s phone and use it for transferring funds to their accounts.”
4. Stay away from fake helplines
Nowadays, people use Twitter, Facebook and LinkedIn to raise issues regarding the customer services of an organisation. They end up divulging too much information online, and fraudsters prey on just this information. Fraudsters stay abreast with what people post and then act immediately. One way of stealing money from a person’s account is either tweeting or posting fake customer care numbers.
Customers end up calling these fake helplines to report problems like not having received cashbacks, ask for refunds or inform about a failed transaction. Fraudsters then ask customers to share their information like card details or the OTP received on the phone. And this leads to people losing their money.
With more and more people buying smartphones, paying bills online has become easier. However, one must be mindful of sharing sensitive details.
(Edited by Saiqua Sultan)